WordPress WP Marketplace Plugin File Enumeration Weakness and File Upload Vulnerabilities

Bugtraq ID:	52960
Class:	Input Validation Error
CVE:
Remote:	Yes
Local:	No
Published:	Apr 10 2012 12:00AM
Updated:	Apr 10 2012 12:00AM
Credit:	The vendor reported this issue.
Vulnerable:	WordPress WP Marketplace Plugin 1.2.1
Not Vulnerable:	WordPress WP Marketplace Plugin 1.2.2

WordPress WP Marketplace Plugin File Enumeration Weakness and File Upload Vulnerabilities

The WP Marketplace Plugin for WordPress is prone to a file-enumeration weakness and a file-upload vulnerability.

Exploiting these issues may allow attackers to determine whether certain files reside on the affected computer, disclose sensitive information, or upload and execute arbitrary script code in the context of the webserver. Information obtained may lead to further attacks.

Versions prior to WP Marketplace Plugin 1.2.2 are vulnerable.

WordPress WP Marketplace Plugin File Enumeration Weakness and File Upload Vulnerabilities

Attackers can exploit this issue with a browser.

WordPress WP Marketplace Plugin File Enumeration Weakness and File Upload Vulnerabilities

Solution:
Updates are available. Please see the references for more information.

WordPress WP Marketplace Plugin File Enumeration Weakness and File Upload Vulnerabilities

References:

• WP Marketplace 1.2.2 (WordPress)
  
• WP Marketplace Homepage (WordPress)